Phil Goldstein is a web editor for FedTech and BizTech. Besides keeping up with the latest in technology trends, he is also an avid lover of the New York Yankees, poetry, photography, traveling and escaping humidity.

The year is drawing to a close and official Washington is getting ready to shut down for the holidays. The end of the year will also mark the first 11 months of the Trump administration, which has set out to leave its mark on federal IT.

With that in mind, it’s worth taking stock of how much has changed — and how much remains to be done in 2018 and beyond. Any new administration wants to set its own priorities and tone and that has certainly been true of the Trump administration when it comes to government IT.

Much of the conversation has been dominated by the administration’s cybersecurity executive order, which President Donald Trump signed in May after months of anticipation. However, there has also been a renewed effort to spur IT modernization, both inside the administration and in Congress, a push for more shared services and changes in IT leadership roles.

Here is a look back at some of the key trends in federal IT from this past year:

1. Risk-Based Cybersecurity Gets Elevated

The executive order on cybersecurity has driven much of federal cyber policy this year. The order refocuses cybersecurity around three main areas: protecting federal networks; protecting critical infrastructure; and securing the nation through deterrence, international cooperation and growing the cybersecurity workforce.

At its heart, the order forces agency leaders to identify their cybersecurity risks and build defenses around them. Only by identifying and acknowledging risks can proper cybersecurity defenses be mounted, Rob Joyce, the White House’s cybersecurity coordinator, has argued. Under the Trump administration, the idea is that agency heads can no longer pass off responsibility for cybersecurity to their subordinates.

The order leverages many of the constructs for cybersecurity that are already in place. Under the order, each agency head is required to use the Framework for Improving Critical Infrastructure Cybersecurity developed by the National Institute of Standards and Technology (NIST), or any successor document, to manage his or her agency’s cybersecurity risk.

Agencies have also had to develop risk management reports that document the risk mitigation and acceptance choices made by each agency head, including the strategic, operational and budgetary considerations that informed those choices, and any accepted risk, including from unmitigated vulnerabilities.

Practically, there have been changes on the ground. Over the summer, the Department of Homeland Security and General Services Administration released the first new task order, called DEFEND (Dynamic and Evolving Federal Enterprise Network Defense), under the Alliant governmentwide acquisition contract. DEFEND replaces blanket purchase agreements (BPAs) that expire in August 2018. GSA argues that DEFEND will allow agencies to more quickly deploy cybersecurity technology as the IT and threats evolve, and allow DHS and GSA to issue requests for service for discrete kinds of cybersecurity work, including cloud, access management, mobile and more.

DHS has also told agencies they must apply widely-accepted security standards for email and web traffic, which Jeanette Manfra, assistant secretary for the office of cybersecurity and communications at DHS, says is a “tangible” sign that DHS is using industry-based standards to improve federal cybersecurity.

Hurd reintroduced the legislation in the House in April and it passed in May. The effort also got support from the administration, with the president’s fiscal 2018 budget request, like the Obama administration’s final one, suggesting the creation of a Technology Modernization Fund (TMF) to replace and retire antiquated IT. The administration’s budget request includes $228 million for a fund that agencies could use to move to more modern infrastructure, such as using the cloud and shared services. The money would be repaid in future years from the savings garnered by using the more efficient technology.

The bill languished in the Senate over the summer but in mid-November the Senate passed the bill as part of the 2018 National Defense Authorization Act days after the House did the same, clearing the way for it to become law once Trump signs off. The bill would, as FedScoop reports, “put money saved through IT efficiencies into working capital funds, which can be accessed for up to three years, to fund efforts to modernize their technology. It also would create a centralized fund that agencies can tap into for modernization.”

While that work has been going on in Congress, the White House has also gotten in on the act. On Aug. 30, it issued a report that spells out its plan to modernize federal IT systems. The report heavily emphasizes the importance of cloud and shared IT services. The report was issued by the American Technology Council (ATC), which Trump established in May to “coordinate the vision, strategy and direction” for the federal government's use of IT and the delivery of digital services. The report was open to public comments, some of which praised its approach and others that questioned some of its conclusions. The White House is working on a final report.

3. Shared Services Find Strong Support

Shared services got a major boost in the cybersecurity order, with Trump declaring that agency leaders “shall show preference in their procurement for shared IT services, to the extent permitted by law, including email, cloud and cybersecurity services.”

Shared services consolidate common government operations such as IT management, finance, human resources and other functions into centralized service providers. Multiple agencies can take advantage of the services, reducing costs and boosting efficiencies as the government leverages its massive collective buying power.

The administration has also emphasized the importance of shared services both in the ATC IT modernization report and a memo from the Office of Management and Budget earlier this year directing agencies to come up with “agency reform plans” to streamline their operations. The memo states that an example of a “crosscutting reform” might be “areas where market or technology changes allow a service to be delivered more efficiently, such as by a shared service provider.”

Beth Angerman, executive director of the Unified Shared Services Management office at GSA, indicated over the summer that shared services will factor into those plans and help eliminate redundancies at agencies. “I can say with confidence that sharing services and technology that support mission is a very active topic of conversation today,” Angerman said at the Agency Reform Summit, FedScoop reports.